ModSecurity 1.9.3 has been released. The Win32 binary is available for immediate download here from the Apache Lounge

Changes since 1.9.2:

* Fixed malformed serial audit log entry problem.
* Strict checking of what is supplied for the "severity" action.
* Prettier output in the logs (text instead of numbers).
* Improved detection of the response protocol version.
* Improved the internal chroot feature to work with mod_fastcgi, mod_fcgi, mod_cgid (testers welcome).
* Response headers are now escaped in the concurrent audit log.
* New action: logparts (adjust the audit log parts setting).
* Added support for multiple messages per transaction.
* Added SCRIPT_BASENAME, REQUEST_BASENAME.
* Implemented variable caching to reduce memory consumption. Large memory savings can be achived but only when the rule set is significantly large. Not noticable for "normal" installations.
* Fixed the "Server" trailer message in the concurrent audit log.
* Removed the extra newline added to the index file by the ncurrent audit logger.
* Fixed a problem in the action list parser which caused parsing to stop after any action with a quoted parameter.
* (Apache 2.x only) Fixed a response buffering problem that manifested as partial loss of output when virtual subrequests are used (it is the output from the virtual subrequests that would be lost).
* Deprecated DynamicOnly because it is inherently difficult to use and often unpredictable.